Summary: | dev-libs/libprelude[db] suffers from RPATH issues | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jason Wever (RETIRED) <weeve> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | netmon |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~2 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 81745 |
Description
Jason Wever (RETIRED)
2005-09-12 21:21:21 UTC
good news - rc13 doesn't exist any more better news rc14 and 15 aren't affected bad news rc14 and rc15 now do stuffed up install paths /var/tmp/portage/libprelude-0.9.0_rc14/image/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Prelude/Prelude.so /var/tmp/portage/libprelude-0.9.0_rc15/image/var/tmp/portage/libprelude-0.9.0_rc15/image/usr/lib/perl5/site_perl/5.8.6/i686-linux/auto/Prelude/Prelude.so Marcelo? emerge with USE=perl Daniel, I think you're confusing libpreludedb with libprelude. The stuffed up path looks like yet a new problem :-/. Reporter : could you please check that it still happens after the latest Perl upgrade... No change here with the latest perl update. I tried rebuilding libpreludedb as well since that is a dependency of libpreludedb and also uses perl but no changes. The error is still as originally posted. *** Bug 107017 has been marked as a duplicate of this bug. *** From bug 107017 : According to portage, the recently committed dev-libs/libprelude-0.9.0 [still] suffers from RPATH issues; QA Notice: the following files contain insecure RUNPATH's Please file a bug about this at http://bugs.gentoo.org/ For more information on this issue, kindly review: http://bugs.gentoo.org/81745 /var/tmp/portage/libprelude-0.9.0/work/libprelude-0.9.0/bindings/perl/../../src/.libs usr/lib/perl5/site_perl/5.8.7/sparc-linux/auto/Prelude/Prelude.so !!! ERROR: dev-libs/libprelude-0.9.0 failed. !!! Function dyn_install, Line 1044, Exitcode 0 !!! Insecure binaries detected !!! If you need support, post the topmost build error, NOT this status message. netmon please advise Fixed in libpreludedb-0.9.0-r1.ebuild and libprelude-0.9.0-r1.ebuild and reported upstream https://trac.prelude-ids.org/ticket/101 dragonheart: many thx. Is 0.9.0 a stable candidate and what should arch stableize (is libprelude enough or should they also mark other prelude*-0.9.0 as well) ? Only unstable versions were affected by this bug, so closing without GLSA |